Skip to end of banner
Go to start of banner

2021-04-30 Meeting notes

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Date

Attendees

Discussion items

TimeItemWhoNotes

Agree on a new meeting time/cadenceTeam
  1. Shift the security meeting down by 1/2 hour (start it  a half hour earlier)
  2. Do a weekly meeting at the current time, but change it to be only 1/2 hour.
  3. Change the date and time

Review Security Team Charter and ProcessesTeam

Review the document that lead to the group's formation, discuss our processes and effectiveness to date.


Review discussion on Github membership requestsTeam

Per Slack discussion: 

When a dev needs to be added to a GitHub team, we need that request to come from a known party, e.g. another dev or a PO, who can vouch for them. It is difficult/impossible to vet these requests independently. 

Can we just announce this as a policy at the Tech Leads meeting tomorrow? Probably we need a “guideline” document at dev.folio.org or a page on the wiki. Alternatively, since this feels like a security policy, should the security team own this, vet this, be responsible for announcing and documenting this, etc.? Whomever the owner, there is a strong desire from DevOps to keep the policy really simple.

Our thoughts are:

  • Seems reasonable to ask POs or Tech Lead to approve the addition
  • Is this a Security issue or a Tech Council (process) issue? 

 Review open Security issuesTeam Review the Kanban board
  • No labels